# 绑定helm sa到 cluster-admin，这样可以兼容现有需要集群特权的charts
# 
---
apiVersion: v1
kind: Namespace
metadata:
  name: {{ helm_namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ tiller_sa }}
  namespace: {{ helm_namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller-cb
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: {{ tiller_sa }}
    namespace: {{ helm_namespace }}
